CVE-2007-3215

Name: CVE-2007-3215
Description: PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1315-1
NVD severity: medium (attack range: remote)
Debian Bugs: 429179, 429190, 429191, 429192, 429193, 429194, 429195, 429196, 429197, 504253, 504255

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| glpi (PTS) | wheezy | 0.83.31-1 | fixed |
| | jessie | 0.84.8+dfsg.1-1 | fixed |
| knowledgeroot (PTS) | wheezy | 0.9.9.5-6 | fixed |
| libphp-phpmailer (PTS) | wheezy | 5.1-1.1 | fixed |
| | wheezy (security) | 5.1-1.3+deb7u1 | fixed |
| | jessie (security), jessie | 5.2.9+dfsg-2+deb8u3 | fixed |
| | buster, sid, stretch | 5.2.14+dfsg-2.3 | fixed |
| wordpress (PTS) | wheezy | 3.6.1+dfsg-1~deb7u10 | fixed |
| | wheezy (security) | 3.6.1+dfsg-1~deb7u16 | fixed |
| | jessie | 4.1+dfsg-1+deb8u14 | fixed |
| | jessie (security) | 4.1+dfsg-1+deb8u15 | fixed |
| | stretch | 4.7.5+dfsg-2 | fixed |
| | stretch (security) | 4.7.5+dfsg-2+deb9u1 | fixed |
| | buster, sid | 4.8.2+dfsg-2 | fixed |

The information below is based on the following data on fixed versions.

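| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| egroupware | source | (unstable) | (not affected) | | | |
| flyspray | source | (unstable) | 0.9.8-12 | medium | | 429191, 429195 |
| flyspray | source | etch | (not affected) | | | |
| flyspray | source | sarge | (not affected) | | | |
| glpi | source | (unstable) | 0.68.3.2-1 | medium | | 429192 |
| glpi | source | etch | (not affected) | | | |
| ipplan | source | (unstable) | 4.85-2 | medium | | 429193 |
| knowledgeroot | source | (unstable) | 0.9.8.2-2 | medium | | 429196 |
| knowledgeroot | source | etch | (not affected) | | | |
| libphp-phpmailer | source | (unstable) | 1.73-4 | high | | 429179 |
| libphp-phpmailer | source | etch | 1.73-2etch1 | medium | DSA-1315-1 | |
| mahara | source | (unstable) | 1.0.5-2 | medium | | 504253 |
| mahara | source | lenny | 1.0.4-3 | medium | | |
| moodle | source | (unstable) | 1.8.2-2 | medium | | 429190 |
| owl-dms | source | (unstable) | 0.94-2 | medium | | 429197 |
| owl-dms | source | etch | (not affected) | | | |
| phpgroupware | source | (unstable) | 0.9.16.012+dfsg-9 | medium | | 504255 |
| phpgroupware | source | etch | (not affected) | | | |
| wordpress | source | (unstable) | 2.2.1-1 | medium | | 429194 |
| wordpress | source | etch | (not affected) | | | |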

Notes

[etch] - flyspray <not-affected> (Vulnerable code not)
[sarge] - flyspray <not-affected> (Vulnerable code not included)
[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
[etch] - owl-dms <not-affected> (Vulnerable code not used)
[etch] - glpi <not-affected> (Vulnerable code not used)
[etch] - wordpress <not-affected> (Vulnerable code not present)
[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
- egroupware <not-affected> (bug #504283; Vulnerable code not used)
